8069 matches found

Friends Of PHP, added 2020/11/20 12:00 a.m., 27 views

Potential file overwrite if archive filename starts with file://

I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...

CVSS 7.8 | AI score 7.8 | EPSS 0.84554 | Exploits: 4 | Affected software: 1
OSV, added 2020/11/07 7:15 p.m., 4 views

CVE-2020-28339

The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of uscesunserialize. There is not a complete POP chain...

CVSS 8.8 | AI score 7.3 | EPSS 0.01879 | Exploits: 1 | References: 2
NVD, added 2020/11/07 7:15 p.m., 33 views

CVE-2020-28339

The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of uscesunserialize. There is not a complete POP chain...

CVSS 8.8 | AI score 8.1 | EPSS 0.01879 | Exploits: 1 | References: 2
Prion, added 2020/11/07 7:15 p.m., 14 views

Design/Logic Flaw

The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of uscesunserialize. There is not a complete POP chain...

CVSS 6.5 | AI score 8.9 | EPSS 0.01879 | Exploits: 1 | References: 2 | Affected software: 1
Cvelist, added 2020/11/07 6:16 p.m., 31 views

CVE-2020-28339

The usc-e-shop aka Collne Welcart e-Commerce plugin before 1.9.36 for WordPress allows Object Injection because of uscesunserialize. There is not a complete POP chain...

CVSS 7.5 | AI score 9 | EPSS 0.01879 | Exploits: 1 | References: 2
ThreatPost, added 2020/11/06 9:56 p.m., 95 views

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin that has more than...

AI score 1.1 | Exploits: 0 | References: 11
Patchstack, added 2020/11/05 12:00 a.m., 29 views

WordPress Welcart e-Commerce plugin <= 1.9.35 - Authenticated PHP Object Injection vulnerability

Authenticated PHP Object Injection vulnerability found by Ramuel Gall in WordPress Welcart e-Commerce plugin versions <= 1.9.35. Solution: Update the WordPress Welcart e-Commerce plugin to the latest available version, at least 1.9.36...

CVSS 8.8 | AI score 2.9 | EPSS 0.01879 | Exploits: 1 | References: 2 | Affected software: 1
WPVulnDB, added 2020/11/05 12:00 a.m., 21 views

Welcart e-Commerce < 1.9.36 - Authenticated PHP Object Injection

The plugin unserialises via uscesunserialize the content of the uscescookie cookie, which could lead to a PHP Object Injection issue...

CVSS 6.5 | AI score 3.1 | EPSS 0.01879 | Exploits: 1 | References: 1 | Affected software: 1
wpexploit, added 2020/11/03 12:00 a.m., 18 views

GDPR CCPA Compliance Support < 2.4 - Unauthenticated PHP Object Injection

The GDPR CCPA Compliance Support WordPress plugin was vulnerable to an Unauthenticated PHP Object Injection security vulnerability. The vulnerability could be triggered within the "njtgdprallowpermissions" Base64 encoded cookie value...

AI score 2.3 | Exploits: 0 | References: 3
OSV, added 2020/10/30 5:06 p.m., 20 views

GHSA-JRGF-VFW2-HJ26 RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions from 19.4.7 and 20.0.3 have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8 | AI score 7.4 | EPSS 0.01249 | Exploits: 0 | References: 4
Github Security Blog, added 2020/10/30 5:06 p.m., 44 views

RCE via PHP Object injection via SOAP Requests

Impact: This vulnerability allows an admin user to generate SOAP credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. Patches: The latest OpenMage versions from 19.4.7 and 20.0.3 have this issue solved. Credits: Credit to Luke Rodgers for...

CVSS 8 | AI score 4.1 | EPSS 0.01249 | Exploits: 0 | References: 5 | Affected software: 1
Veracode, added 2020/10/29 9:46 p.m., 26 views

PHP Object Injection

gosa is vulnerable to PHP object injection. The vulnerability allows a remote authenticated attacker to perform file deletions in the context of the web server's worker process using a malicious cookie value. This is due to a lack of validation during deserialization of the cookie value to restore filter...

CVSS 6.5 | AI score 4 | EPSS 0.01022 | Exploits: 0 | References: 2 | Affected software: 1
CNVD, added 2020/10/23 12:00 a.m., 2 views

Adobe Magento Injection Vulnerability

Adobe Magento is an open source PHP e-commerce system from the US company Adobe. The system provides rights management, search engines, payment gateways and other functions. Magento rubygems openmage/magento-lts version 19.4.8, version 20.0.4 security...

CVSS 8 | AI score 7.3 | EPSS 0.01249 | Exploits: 0 | References: 1
Veracode, added 2020/10/22 6:13 a.m., 18 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution (RCE). The vulnerability exists because an admin user can generate SOAP credentials that can be used to cause RCE through a PHP Object Injection flaw in the product attributes...

CVSS 8 | AI score 3.6 | EPSS 0.01249 | Exploits: 0 | References: 3 | Affected software: 1
OSV, added 2020/10/21 8:15 p.m., 14 views

CVE-2020-15244

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 7.2 | AI score 7 | Exploits: 0 | References: 3
Prion, added 2020/10/21 8:15 p.m., 16 views

Code injection

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 6.5 | AI score 7 | EPSS 0.01249 | Exploits: 0 | References: 3 | Affected software: 1
Cvelist, added 2020/10/21 8:05 p.m., 15 views

CVE-2020-15244 RCE in Magento

In Magento rubygems openmage/magento-lts package before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue is patched in versions 19.4.8 and 20.0.4...

CVSS 8 | AI score 7.8 | EPSS 0.01249 | Exploits: 0 | References: 2
CVE, added 2020/10/21 8:05 p.m., 89 views

CVE-2020-15244

CVE-2020-15244 affects OpenMage/magento-lts within Magento: prior to versions 19.4.8 and 20.0.4, an admin can generate SOAP credentials that enable PHP Object Injection through product attributes and a product, leading to remote code execution. The issue is patched in 19.4.8 and 20.0.4.

CVSS 8 | AI score 7.1 | EPSS 0.01249 | Exploits: 0 | References: 3 | Affected software: 1
ThreatPost, added 2020/10/05 9:11 p.m., 215 views

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Two high-severity vulnerabilities in Post Grid, a WordPress plugin with more than 60,000 installations, open the door to site takeovers, according to researchers. To boot, nearly identical bugs are also found in Post Grid's sister plug-in, Team Showcase, which has 6,000 installations. The issues...

AI score 10 | EPSS 0.26869 | Exploits: 0 | References: 10
Patchstack, added 2020/10/05 12:00 a.m., 11 views

WordPress Post Grid plugin <= 2.0.72 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Ramuel Gall (Wordfence) in WordPress Post Grid plugin versions <= 2.0.72. Solution: Update the WordPress Post Grid plugin to the latest available version, at least 2.0.73...

AI score 2.2 | Exploits: 0 | References: 2 | Affected software: 1